backend troubleshooting

thunderbird · Apr 7, 2024 · 077b14b · 077b14b
1 parent aac8108
commit 077b14b
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 9 deletions.
diff --git a/tofu/environments/stage/services/backend-infra/terragrunt.hcl b/tofu/environments/stage/services/backend-infra/terragrunt.hcl
@@ -19,7 +19,7 @@ dependency "vpc" {
   mock_outputs = {
     vpc_id                          = "mock_vpc_id"
     subnets                         = []
-    private_subnets                 = []
+    public_subnets                 = []
     ecr_endpoint_security_group     = "mock_sg"
     secrets_endpoint_security_group = "mock_sg"
     logs_endpoint_security_group    = "mock_sg"
@@ -42,7 +42,7 @@ inputs = {
   name_prefix                     = local.name_prefix
   region                          = local.region
   vpc                             = dependency.vpc.outputs.vpc_id
-  subnets                         = dependency.vpc.outputs.private_subnets
+  subnets                         = dependency.vpc.outputs.public_subnets
   ecr_endpoint_security_group     = dependency.vpc.outputs.ecr_endpoint_security_group
   secrets_endpoint_security_group = dependency.vpc.outputs.secrets_endpoint_security_group
   logs_endpoint_security_group    = dependency.vpc.outputs.logs_endpoint_security_group

diff --git a/tofu/modules/services/backend-infra/main.tf b/tofu/modules/services/backend-infra/main.tf
@@ -44,8 +44,8 @@ module "backend_alb" {
 
   security_group_ingress_rules = {
     inbound = {
-      from_port                    = 5000
-      to_port                      = 5000
+      from_port                    = 80
+      to_port                      = 80
       ip_protocol                  = "tcp"
       prefix_list_id = data.aws_ec2_managed_prefix_list.cloudfront.id
     }
@@ -63,7 +63,7 @@ module "backend_alb" {
   listeners = {
 
     http = {
-      port     = 5000
+      port     = 80
       protocol = "HTTP"
       #certificate_arn = var.ssl_cert
       fixed_response = {
@@ -91,7 +91,7 @@ module "backend_alb" {
 
   target_groups = {
     "${local.target_group_key}" = {
-      name                              = "${var.name_prefix}-backend-test"
+      name                              = "${var.name_prefix}-backend"
       protocol                          = "HTTP"
       port                              = 5000
       target_type                       = "ip"

diff --git a/tofu/modules/services/frontend/main.tf b/tofu/modules/services/frontend/main.tf
@@ -84,7 +84,7 @@ resource "aws_cloudfront_distribution" "appointment" {
     origin_id   = var.backend_id
     domain_name = var.backend_dns_name
     custom_origin_config {
-      http_port              = 80
+      http_port              = 5000
       https_port             = 5000
       origin_protocol_policy = "https-only"
       origin_ssl_protocols   = ["TLSv1.2"]
@@ -111,7 +111,7 @@ resource "aws_cloudfront_distribution" "appointment" {
       }
     }
 
-    viewer_protocol_policy = "allow-all"
+    viewer_protocol_policy = "redirect-to-https"
     min_ttl                = 0
     default_ttl            = 3600
     max_ttl                = 86400
@@ -131,7 +131,28 @@ resource "aws_cloudfront_distribution" "appointment" {
       }
     }
 
-    viewer_protocol_policy = "allow-all"
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+
+  }
+
+  ordered_cache_behavior {
+    path_pattern     = "/fxa"
+    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "PATCH"]
+    cached_methods   = ["GET", "HEAD", "OPTIONS"]
+    target_origin_id = var.backend_id
+
+    forwarded_values {
+      query_string = true
+
+      cookies {
+        forward = "all"
+      }
+    }
+
+    viewer_protocol_policy = "redirect-to-https"
     min_ttl                = 0
     default_ttl            = 3600
     max_ttl                = 86400